Announcement

Collapse
No announcement yet.

Security / Default Username

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security / Default Username

    Just wondering... has anyone found a way to change or remove the default username (3dcartadmin)? I've seen many attempts over the past few days to access that user account (with the wrong password) - one time, too many attempts even locked the account (I had to use the email to unlock it). As far as I can tell, it's another store owner that accidentally ended up on our IP trying to login (and using their password, which didn't work) - but, obviously, having the same user-id as everyone else makes this more of a problem (along with the login page not mentioning which site you're logging in for)... I also saw a few login attempts from other IPs using defaults - not having a standardized admin username would also stop this... just curious :)

  • #2
    Sure, just go to "Settings" - "General" - "Administrator Access".

    You can setup admin accounts/user names.

    What I do is setup the "3dadmin" account to only allow access from "MY" IP address. I set up another account to allow access from my other location.

    Pretty cool feature if you ask me! One of the better features they have....:)

    Comment


    • #3
      Yes - I had noticed the IP restriction and was considering this, but I don't have a fixed IP, so this may create a problem... the documentation doesn't mention whether a wildcard (i.e. 10.10.10.*) could be used or whether an exact IP had to be entered, and I didn't get to actually testing it out yet... but, the real answer to my question then is that the 3dcartadmin user cannot be removed or renamed. Oh well :)

      Comment


      • #4
        I don't like the security implications of having a standard username with full admin privileges so I create a new admin with full access then restrict the default account to access to nothing. This doesn't remove it but at least it gives me a bit more piece of mind.

        The only problem with this is that 3DC support will need the access changed back for any support issues where they need to get in the admin to work. This only takes a few clicks, but it is a bit of extra work.

        Comment


        • #5
          Originally posted by mueller View Post
          I don't like the security implications of having a standard username with full admin privileges so I create a new admin with full access then restrict the default account to access to nothing. This doesn't remove it but at least it gives me a bit more piece of mind.

          The only problem with this is that 3DC support will need the access changed back for any support issues where they need to get in the admin to work. This only takes a few clicks, but it is a bit of extra work.
          Actually, one great feature for us with version 3.0 is that we can immediately create a 3dcartSUPPORT login and complex password on every account. This account will have full admin access so we can check everything thoroughly. Typically, when a customer opens up a support ticket/calls us, we will create this login so that we will not be logged out of the cart while we are troubleshooting.

          Comment

          Working...
          X